Batch operations with Ansible using passwords

November 30, 2020, 18:10:52

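The advantage of Ansible for batch operations is that no client agent has to be installed: from the machine where Ansible is installed, you can run batch operations against any server it can connect to directly. Logging in with plaintext passwords is not recommended in production, but there are special cases where plaintext passwords must be used. This post shows how to run Ansible batch operations with plaintext passwords.
First, install Ansible. I won't cover that here; see: https://www.wulaoer.org/?p=1022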

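My Ansible is already installed, so next I set up its configuration file. Because I have many clients, I need to use separate files to classify them. In Ansible's configuration file, ansible.cfg, define the path to your own client inventory. Here is my configuration file: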

[root@wulaoer ~]# cd /etc/ansible/
[root@wulaoer ansible]# cat ansible.cfg | grep ^[^#]
[defaults]
inventory      = /etc/ansible/inventory
roles_path    = /etc/ansible/roles
host_key_checking = False
deprecation_warnings = True
command_warnings = False
retry_files_enabled = False
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
highlight = white
verbose = blue
warn = bright purple
error = red
debug = dark gray
deprecate = purple
skip = cyan
unreachable = red
ok = green
changed = yellow
diff_add = green
diff_remove = red
diff_lines = cyan
[diff]

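Here I only changed the hosts path, replacing the original file with a directory. I point to a directory to make clients easier to manage: for example QA, dev or prod environments, front end or back end, or hosts used for log collection and so on. I split my files by IP network segment, and different segments are also separated by environment. The main point is to specify a directory rather than a file.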

[root@wulaoer ~]# cat /etc/ansible/inventory/pvc_10.211
[test]
CentOS2    ansible_ssh_user=root    ansible_ssh_host=10.211.55.45    ansible_ssh_pass='123456'    ansible_ssh_port=22
[test1]
CentOS2    ansible_ssh_user=root    ansible_ssh_host=10.211.55.45    ansible_ssh_pass='123456'    ansible_ssh_port=22

My Ansible hosts file defines two groups to tell the entries apart, test1 and test. If you use key authentication, you do not need to add ansible_ssh_pass. The parameters are described below.

Ansible Inventory built-in parameters

ansible_ssh_host                    SSH address of the host                     ansible_ssh_host=10.211.55.45
ansible_ssh_port                    SSH port of the host                        ansible_ssh_port=22
ansible_ssh_user                    SSH authentication user                     ansible_ssh_user=user
ansible_ssh_pass                    SSH authentication password                 ansible_ssh_pass=pass
ansible_sudo                        sudo user                                   ansible_sudo=www
ansible_sudo_pass                   sudo password                               ansible_sudo_pass=pass
ansible_sudo_exe                    sudo path                                   ansible_sudo_exe=/usr/bin/sudo
ansible_connection                  connection type                             ansible_connection=local
ansible_ssh_private_key_file        private key                                 ansible_ssh_private_key_file=/root/key
ansible_ssh_shell_type              shell type                                  ansible_ssh_shell_type=bash
ansible_python_interpreter          Python path used to execute tasks           ansible_python_interpreter=/usr/bin/python2.6
ansible_*_interpreter               interpreter path for other languages        ansible_*_interpreter=/usr/bin/ruby
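
Since the post advises against plaintext passwords in production, here is an added example (not code from the original post or from the Ansible project) that scans inventory text in the layout shown above and reports which hosts or groups carry a literal password variable, without echoing the password. The function name, the sample hosts CentOS3 and CentOS4, and the variable `vault_centos4_pass` are assumptions made for the illustration; the variable list extends the two password parameters in the table with their newer Ansible names.

```python
import re
import shlex

# Password variables from the table above, plus newer Ansible names for them.
SECRET_VARS = {"ansible_ssh_pass", "ansible_sudo_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}
# A value that is only a Jinja2 reference (e.g. a vaulted variable) is not a literal.
TEMPLATE = re.compile(r"^\{\{.*\}\}$")


def find_plaintext_secrets(inventory_text, source="<inventory>"):
    """Return (source, line_no, group, host, variable) per literal password."""
    findings, group = [], None
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
            continue
        if group is not None and group.endswith(":vars"):
            host, pairs = "*", [line]          # one "key = value" per line
        else:
            try:
                tokens = shlex.split(line)      # honours quotes: pass='123456'
            except ValueError:
                tokens = line.split()           # unbalanced quote: best effort
            host, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            value = value.strip().strip("'\"").strip()
            if sep and key.strip() in SECRET_VARS and not TEMPLATE.match(value):
                findings.append((source, line_no, group, host, key.strip()))
    return findings  # the password itself is never returned or printed


# Constructed sample in the same layout as /etc/ansible/inventory/pvc_10.211.
SAMPLE = """\
[test]
CentOS2  ansible_ssh_user=root  ansible_ssh_host=10.211.55.45  ansible_ssh_pass='123456'
[test1]
CentOS3  ansible_ssh_host=10.211.55.46  ansible_ssh_private_key_file=/root/key
CentOS4  ansible_ssh_host=10.211.55.47  ansible_ssh_pass='{{ vault_centos4_pass }}'
[test1:vars]
ansible_sudo_pass = pass
"""

if __name__ == "__main__":
    for finding in find_plaintext_secrets(SAMPLE, "pvc_10.211"):
        print("%s:%d [%s] %s sets %s in plaintext" % finding)
```

To check a real inventory directory, read each file under it and pass the text and file name to `find_plaintext_secrets`.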

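Now test the result of logging in with a password through Ansible. The thing to note here is the arguments to the ansible command; let's check the time and get the IP address.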

[root@wulaoer ~]# ansible  test -m raw  -a "date"
CentOS2 | CHANGED | rc=0 >>
Mon Nov 30 15:03:42 CST 2020
Shared connection to 10.211.55.45 closed.

[root@wulaoer ~]# ansible  test1 -m raw  -a "date"
CentOS2 | CHANGED | rc=0 >>
Mon Nov 30 15:03:49 CST 2020
Shared connection to 10.211.55.45 closed.

[root@wulaoer ~]# ansible  test -m raw  -a "ifconfig | grep eth0"
CentOS2 | CHANGED | rc=0 >>
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
Shared connection to 10.211.55.45 closed.

[root@wulaoer ~]# ansible  test1 -m raw  -a "ifconfig | grep eth0"
CentOS2 | CHANGED | rc=0 >>
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
Shared connection to 10.211.55.45 closed.

Additional note: when I ran ansible with the -i option, I got the following errors:

[root@wulaoer roles]# ansible -i hosts test -m raw  -a "ifconfig"
[WARNING]: Unable to parse /etc/ansible/roles/hosts as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match
'all'
[WARNING]: Could not match supplied host pattern, ignoring: test
[root@wulaoer roles]# vim ansibles ^C
[root@wulaoer roles]# ls
ansibles
[root@wulaoer roles]# ls
ansibles
[root@wulaoer roles]# mv ansibles hosts
[root@wulaoer roles]# ansible -i hosts test -m raw  -a "ifconfig"
10.211.55.45 | FAILED | rc=-1 >>
Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host.

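This kind of problem is caused by the -i option. The -i option points to a hosts file, whereas my configuration file specifies a directory, so the error occurs. You only need to adjust your own configuration.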
